Abstract
- Eduroam allows a student to use their home university credentials to access Wi-Fi at other participating institutions.
- Authenticate at home, authorise locally. Trusts the decision, not the identity!
How does it work?
Each university runs a RADIUS server connected to its own identity system (like LDAP). Access points are configured to forward 802.1X authentication requests to the local RADIUS server.
When a visiting student connects, the local RADIUS server inspects the user’s realm (domain) and forwards the authentication request through the eduroam federation to the student’s home university RADIUS server. The home university authenticates the user against its identity system and returns an accept or reject decision. If accepted, the visiting university grants network access without ever authenticating the user itself.